Aug 20 2006, 06:42 PM, Post #1
Hey guys, all of a sudden in the last two days my computer has just been attacked by all types of malicious software! And I'm not even kidding when almost instantly it went from running without a hitch to so much slowdown and so many pop-ups I had to run AVG. 648 viruses and trojans! All deleted or moved to the vault. Thought I was out of the woods, then I ran Adaware: 202 critical and malicious objects. I deleted them, then I ran Adaware again, got over a hundred bad things again after the restart, and then ran Adaware as well, and after deleting over 1000 bad things I was still having problems. I then proceeded to download S&D and that helped delete quite a bit, but after that pop-ups were still coming and I had over 68 processes still running. I noticed something interesting... I noticed I have some type of application running by the name of "project1". I did a little research on the internet and found out it's something very very bad, but I can't seem to get rid of it with any of those three programs. Any help would be awesome.

My current processes running:

svchost.exe cli.exe btstackserver.exe khalmnpr.exe firefox.exe setpoint.exe bttray.exe pslister.exe steam.exe taskmgr.exe msnmsgr.exe atirw.exe atidtct.exe lanchpd.exe jusched.exe win320880160745.exe avgcc.exe rundll32.exe duce6.exe ghynf.exe cli.exe tbmontegotray.exe ipodservice.exe kybrdff_11a.exe logitecheasysync.exe servicetub.exe lbtwiz.exe btwdins.exe avgemc.exe avgupsvc.exe avgamsvr.exe dfndrff_11a.exe spoolsv.exe logitecheasysync.exe explorer.exe cli.exe svchost.exe zqskw.exe ati2evxx.exe svchost.exe wscntfy.exe lbtserve.exe svchost.exe qttask.exe svchost.exe svchost.exe ati2evxx.exe cvn0.exe issch.exe nclrzvla.exe lsass.ece services.exe viewmgr.exe winlogon.exe csrss.exe smss.exe alg.exe mm_try.exe mmtask.exe ituneshelper.eexe wfxqhv.exe medialifeservice.exe wdfmgr.exe probe2.exe aolsoftware.exe system system idle process

Guys please help, that's 67 processes, and if you actually care to look at the names you can tell so much of that stuff is bad, but even when I keep trying to delete ghynf or w/e it is with AVG and send it to the virus vault it keeps coming back! Any help would be appreciated.

This post has been edited by BuffaloHELP: Aug 20 2006, 07:18 PM

Aug 20 2006, 10:44 PM, Post #2
Right now I am using my grandma's laptop because I am at her house, and she had the same issues. What I did is I scanned with her McAfee, and then downloaded my AVG Free edition, and that cleaned most everything up but not all of it.

So, a suggestion to you is this:
Go to Start
right click on My Computer
go to Properties
go to the System Restore tab
toggle the box that says Turn Off System Restore

That solved most of the damage that project1 made for her laptop.

Second, if you are computer savvy and know what you have on your computer and where the files for the programs are, then follow this:
Go to My Computer
Go to C:\ or whatever your local disk is called; generally it is C:\
just to ease it a little, right click anywhere and go to Show in Groups and make sure it is By Name
go to the P section, and delete Project1, which is where I found mine, and delete it

-------------------------------

[DO AT YOUR OWN RISK] Seeing as you probably have more viruses there, look around just your C drive and check to make sure you don't have any files that you don't normally see around there...

[I claim no responsibility for any lost files that are un-retrievable because you deleted them. I said that if you don't know your programs and where they keep all their files, then don't do the extra step to get rid of viruses.]

Aug 20 2006, 11:15 PM, Post #3
You can download HijackThis, then submit the log it gives to these guys. They fixed my computer and it runs like new now.

Aug 21 2006, 12:17 AM, Post #4
Yeah, a HijackThis log given to some pros that know it very well fixes things very "easily". You don't have to fully understand what needs to be removed, but those guys will tell you what needs removing, and how to remove it if it's some spyware/virus that's annoying to remove (as in it keeps reviving itself from the dead).

Aug 21 2006, 03:44 AM, Post #5
Yeah, I had some fake error message that kept popping up, and every time I deleted it, it would be back next time I restarted >.<
But now it's all gone.

Aug 21 2006, 03:19 PM, Post #6
Right zach101, if you have any toolbars on your browsers remove them now, as viruses and spyware can bypass your firewall through them. Second, if you do not have a firewall, buy a good one or find a free one. Second, for viruses you may want to consider getting a better one like ZoneAlarm or Norton, or there is AVG Free, which in my experience is very good. Next, download SpyBot: http://www.safer-networking.org/en/download/index.html

Once you have done all that, run a virus scan with an antivirus program, then run SpyBot Search and Destroy, which should remove your spyware and adware. But if I were you I'd consider re-formatting your HDD, as the viruses may still leave traces even after you have scanned and deleted them. Also, once you have got any software that is better than your existing stuff, pull out your modem and do not connect to the net until you have deleted all the viruses and spyware or re-formatted your hard disk, as the viruses on there can tell other viruses to download as well. So in the future make sure you're well protected.

Aug 21 2006, 03:32 PM, Post #7
QUOTE
svchost.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - dunno what it is but if you need it keep it otherwise terminate it
btstackserver.exe - Terminate process
khalmnpr.exe - Terminate process
firefox.exe - keep running
setpoint.exe - dunno what it is but if you need it keep it otherwise terminate it
bttray.exe - Terminate process
pslister.exe - Terminate process
steam.exe - Terminate process
taskmgr.exe - Keep running
msnmsgr.exe - msn messenger, keep running if you're using it.
atirw.exe - Terminate process
atidtct.exe - Terminate process
lanchpd.exe - Terminate process
jusched.exe - Terminate process
win320880160745.exe - Terminate process
avgcc.exe - keep running
rundll32.exe - critical system process (must stay running for session of windows to stay working)
duce6.exe - Terminate process
ghynf.exe - Terminate process
cli.exe - same as other cli.exe comment
tbmontegotray.exe - Terminate process
ipodservice.exe - keep running if you have your ipod plugged into your pc
kybrdff_11a.exe - Terminate process
logitecheasysync.exe - keep running
servicetub.exe - dunno what it is but if you need it keep it otherwise terminate it
lbtwiz.exe - Terminate process
btwdins.exe - Terminate process
avgemc.exe - keep running
avgupsvc.exe - keep running
avgamsvr.exe - keep running
dfndrff_11a.exe - Terminate process
spoolsv.exe - keep running
logitecheasysync.exe - keep running
explorer.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - same as other cli.exe
svchost.exe - critical system process (must stay running for session of windows to stay working)
zqskw.exe - Terminate process
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
svchost.exe - same as other svchost.exe
wscntfy.exe - Terminate process
lbtserve.exe - Terminate process
svchost.exe - same as other svchost.exe
qttask.exe - Terminate process
svchost.exe - same as other svchost.exe
svchost.exe - same as other svchost.exe
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
cvn0.exe - Terminate process
issch.exe - Terminate process
nclrzvla.exe - Terminate process
lsass.ece - Terminate process
services.exe - critical system process (must stay running for session of windows to stay working)
viewmgr.exe - Keep Running
winlogon.exe - Keep Running
csrss.exe - Keep running is needed
smss.exe - Terminate process
alg.exe - Keep Running
mm_try.exe - Terminate process
mmtask.exe - Terminate process
ituneshelper.eexe - Keep running if ipod is plugged into pc
wfxqhv.exe - Terminate process
medialifeservice.exe - Terminate process
wdfmgr.exe - Terminate process
probe2.exe - Terminate process
aolsoftware.exe - Keep running if using AOL software on your pc otherwise terminate process
system - critical system process (must stay running for session of windows to stay working)
system idle process - critical system process (must stay running for session of windows to stay working)

I hope this helps, but I cannot guarantee this will solve the problem, as some of the services I do not know about may be software processes from software you installed on your pc.

Aug 21 2006, 07:03 PM, Post #8
From what you said it seems that the malware (viruses etc...) has done one, or both of, two things: infected more than one location, or infected programs that are hard to scan or impossible to remove.

First thing I would do is to boot into safe mode. Safe mode is just a mode of Windows where nothing except for essential processes are started, normally only ones like the ones pointed out by mxweb. That's the plan anyway! To do this, restart the computer. Just after the BIOS screen, which is the first screen you'll see, keep tapping the F8 key. It might bleep at you but just carry on, it's just because it thinks the key is stuck. This should give you a few options of startup modes, things like "start normally, start in safe mode...etc..." You want to start in "Safe Mode". Then let it boot up as usual. The display will probably look absolutely crazy and very big but that's normal, don't panic!

Now, because only essential processes should be started, if the malware has infected applications like text editors etc... the malware should not have been started. So go to Task Manager and view the processes and take note of them all. Now compare that with the previous list posted here and see what is not on the new list. With any luck the malware is one of them. You can post the new list here if you want and see what we can see. The idea is that once we know what the malware is called we can easily find it with a simple search.

While in safe mode you might find it useful to do a virus scan using all the software you have! Only one at a time though. Hopefully they can find and catch the malware while it isn't running and just destroy/quarantine it. And the virus hasn't got a chance to replicate itself because it's not running. This should catch some more of the things you found earlier. Chances are that because the malware was running, the antivirus deleted it but the malware just made a copy of itself and moved! It probably won't get them all because some viruses might still start in safe mode. But it should help to delete a good few more.

And definitely submit a HijackThis log to the experts, that will really help a hell of a lot! Their report will probably contain every piece of malware and where it is and how to get rid of it! But meanwhile try all the things people have said here!

I've had this problem and I learnt one thing. If the antivirus warns that it is a vital system process, do not delete it!!!!! lol, I learnt the very hard way! Leave it be and sort that one out a bit later!

If you don't have it already, get avast antivirus home edition (it's a free download) and do an on-boot scan. This boots Windows into a special mode similar to safe mode, but even fewer things are started, and avast will scan the HDD before anything gets a chance to start up and copy itself! But please beware about deleting anything, it's much safer to quarantine it. That way you can get it back if you need to!
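
The comparison described in post #8 (what runs after a normal boot but not in safe mode), as an added example that is not part of the thread. It assumes both lists were saved with `tasklist /fo csv /nh`; the two sample captures are constructed, with image names taken from post #1 and made-up PIDs and memory sizes.

```python
import csv
import io
from collections import Counter

# Constructed sample captures in `tasklist /fo csv /nh` layout:
# "Image Name","PID","Session Name","Session#","Mem Usage"
NORMAL_BOOT = '''"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"smss.exe","540","Console","0","372 K"
"csrss.exe","604","Console","0","3,100 K"
"winlogon.exe","628","Console","0","4,000 K"
"services.exe","672","Console","0","3,300 K"
"svchost.exe","840","Console","0","4,500 K"
"svchost.exe","912","Console","0","3,900 K"
"explorer.exe","1500","Console","0","18,000 K"
"avgcc.exe","1620","Console","0","5,200 K"
"ghynf.exe","1704","Console","0","2,800 K"
"zqskw.exe","1732","Console","0","2,100 K"
'''

SAFE_MODE = '''"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"smss.exe","540","Console","0","372 K"
"csrss.exe","604","Console","0","3,100 K"
"winlogon.exe","628","Console","0","4,000 K"
"services.exe","672","Console","0","3,300 K"
"svchost.exe","840","Console","0","4,500 K"
"explorer.exe","1500","Console","0","18,000 K"
'''


def image_counts(tasklist_csv):
    """Count running instances per image name (case-insensitive)."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return Counter(row[0].strip().casefold() for row in rows if row)


def only_in_normal(normal_csv, safe_csv):
    """Images, with instance counts, seen in normal boot beyond what safe mode runs."""
    extra = image_counts(normal_csv) - image_counts(safe_csv)
    return dict(sorted(extra.items()))


if __name__ == "__main__":
    for name, count in only_in_normal(NORMAL_BOOT, SAFE_MODE).items():
        print(f"{name}: {count} extra instance(s) in normal boot")
```

The result is a shortlist of names to look up, not a verdict: software that simply does not load in safe mode (avgcc.exe in this sample) appears alongside anything unwanted.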